Knowledge-aware detection of attacks on a client device conducted with dual-use tools. A method may include obtaining dual-use tool data related to a plurality of dual-use tools; collecting from a client device, by the computing device, user input related to the use of a dual-use tool of the plurality of dual-use tools; determining that the user input contains a feature of the dual-use tool data; creating a behavioral index of the user input, the behavioral index stored on the client device; detecting new input on the client device; determining a similarity level between the user input and the new input; flagging a malicious attack on the client device based on determining that the similarity level does not satisfy a pre-determined threshold; and implementing a security action on the client device based on flagging the malicious attack.
Legal claims defining the scope of protection, as filed with the USPTO.
2. The method of claim 1, wherein the implementing of the security action comprises one or more of blocking network connectivity to the client device, or quarantining the client device, or a combination thereof.
5. The method of claim 1, wherein the one or more user actions that are performed by the user independent of the dual-use tool to interact with the dual-use tool comprise at least one of one or more search actions to search for one or more commands associated with the dual-use tool to enter into the dual-use tool or one or more copying actions to copy the one or more commands associated with the dual-use tool to enter into the dual-use tool.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
March 28, 2019
November 8, 2022
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.